About This Guide


This guide contains high-level overviews of Novell Filr and covers the following topics: 


* Chapter 1, “Filr Overview”
* Chapter 2, “Setting Up Filr”
* Chapter 3, “Filr Administration”
* Chapter 4, “Access Rights and Filr”
* Chapter 5, “Filr Comments”
* Chapter 6, “Filr Email Notifications”
* Chapter 7, “Filr Indexing and Searching”
* Chapter 8, “Filr Licensing”
* Chapter 9, “My Files (Personal Storage)”
* Chapter 10, “Net Folders”
* Chapter 11, “Protocols and Filr”
* Chapter 12, “Sharing through Filr”
* Chapter 13, “Filr Synchronization”
* Chapter 14, “Network Time and Filr”
* Chapter 15, “Viewing Files as HTML in Filr”
* Chapter 16, “Users and Groups with Filr”
* Appendix A, “Documentation Updates”


Audience 


This guide is intended for Novell Filr administrators. 


Feedback 


Please use the User Comments feature at the bottom of each online documentation page to comment 
and suggest improvements to this guide and the other documentation included with Novell Filr. 


Documentation Updates 


The most recent version of this guide is available here (http://www.novell.com/documentation/novell-filr1/filr1_overvw/data/bookinfo.html) on the Novell Filr Web site.


Additional Documentation 


For other Novell Filr documentation, see the Novell Filr Web site (http://www.novell.com/documentation/novell-filr1/).
How Filr Works—Overview Guide


Filr Overview


Work-related files used to live safely behind firewalls. Remote file access required VPN connections. 
Then cloud-based file sharing introduced anywhere-access to files. 


Now many users expect the same access to their work files that they have to their other files. In some 
cases, they have begun moving work files to cloud-based services, a potentially risky practice. 


Novell Filr works with existing file servers and network infrastructures, combining modern file 
access methods with the security that organizations already have in place. 


To learn more about Novell Filr, see the following:

* Section 1.1, “What Is Novell Filr?”
* Section 1.2, “Filr Features and Functionality”
* Section 1.3, “Why Novell Appliances?”


1.1 What Is Novell Filr?


Novell Filr provides file access and sharing, and lets users access their home directories and network 
folders from mobile devices. Users can also synchronize their files to their PC and Mac computers. 
They can also share files internally and externally, and comment on files. 


Figure 1-1 Mobile Access to Enterprise Data

[Figure 1-1 labels: External, Internal; Users, Access Devices and Methods, Filr Virtual Appliance, Existing File Servers]


* Users: Filr lets you control the following:
  * User authentication inside and outside your organization's firewall
  * Access to organization files and folders that were previously accessible only through mapped drives
  * Access to personal files and folders, including traditional home directories
  * Internal and external sharing of files and folders
* Access Devices and Methods: Filr provides multiple access methods.
  * A Web (browser-based) application
  * An app for Apple iOS 5.x (and later) personal devices
  * An app for Android 2.3 (and later) personal devices
  * Clients for Windows XP, Windows 7, and Windows 8 workstations
  * A client for Macintosh OS X 10.7 and 10.8 workstations
* Filr Virtual Appliance:
  * This runs on VMware ESXi 4.1x and ESXi 5.x host servers.
  * It lets users authenticate using their standard network usernames and passwords.
  * It provides access to data on NetWare, OES, and Windows servers that use native file protocols (NCP and CIFS).
* Existing File Servers: Are not impacted because Filr does the following:
  * Requires no changes to file servers
  * Honors file system trustee rights and attributes

  Your Novell and Windows file servers and directory services retain complete control over all file- and folder-related activity.


1.2 Filr Features and Functionality 


Figure 1-2 shows Filr's main features in the context of your existing network infrastructure. The table 
that follows the figure briefly describes each feature and how all of the components shown fit 
together to provide Filr services. 


Figure 1-2 What Filr Provides 
Letter Details


* eDirectory and Active Directory: You synchronize Filr with eDirectory and Active Directory identity stores through LDAP. See “Synchronizing Users and Groups from an LDAP Directory” in the Novell Filr 1.0.1 Administration Guide.


* Local Users: You can create users on the Filr system independent of any LDAP source. For more information, see “Creating a New Local User” in the Novell Filr 1.0.1 Administration Guide.


* External Users: When a user outside the organization responds to an invitation to share a file or 
folder, Filr creates a username using the invitation's email address. When users accept these 
invitations, they can set their passwords. For more information, see "Sharing Files and Folders" 
in the Novell Filr 1.0.1 Web Application User Guide. 


Filr lets users access files and folders through the following:

* A Web (browser-based) application
* Apps for Apple iOS 5.x and later and Android 2.3 and later
* Clients for Windows XP, Windows 7, Windows 8, Macintosh OS X 10.7 and 10.8 workstations


Filr is designed to work with your security infrastructure. Your firewalls continue to protect your data while Filr provides access to it from practically anywhere. For more information, see “Site Security” in the Novell Filr 1.0.1 Administration Guide.


Filr lets users collaborate by supporting user comments on files and folders. For more information, see 
“Filr Comments.” 


Filr lets users access their personal files and folders on either or both traditional home directories and 
local Filr storage. For more information, see “My Files (Personal Storage).” 


Filr lets users access your organization’s files and folders that were previously available only through 
mapped drives. For more information, see “Net Folders.” 




Filr lets users search for files and folders that they have rights to access. If indexing is enabled on a 
folder, they can search within the content of the folder’s files as well. For more information, see “Filr 
Indexing and Searching.” 


Filr lets users share files in Net Folders, and files and folders in My Files, with internal and external 
users. For more information, see “Sharing through Filr.” 


Filr lets you synchronize eDirectory and Active Directory users as well as files and folders according to 
your organization’s needs. For more information, see “Filr Synchronization.” 


Filr provides access to storage on Novell file servers, Windows file servers, and personal storage on 
the Filr appliance. 


1.3 Why Novell Appliances?


Novell appliances simplify the Novell development and delivery model for Filr so that we can 
provide you with new services more quickly. 


Novell appliance benefits include the following: 


* Simplified Deployment: Filr appliances are built on specific and tuned operating systems (SLES 11 SP2 in the case of Filr 1.0). This means that you don’t have to install the operating system, select the packages, and so on because everything needed is included and ready to configure and run.

  By the same token, packages and services that aren’t needed aren’t included, and therefore they don’t consume system resources.

* Simplified Management: Appliances include the following:
  * Appliance-specific configuration wizards to configure exactly and only what is required
  * Web-based administration tools for changing configurations, adding or provisioning users, and so on, from basically anywhere that you need to be

* Simplified Maintenance: Appliances don't require support packs or patches.

  When there are enhancements or upgrades, you simply replace the system disk, connect it to the existing data disks, and start the service on the upgraded appliance.
Setting Up Filr


This section presents high-level overviews of the following setup tasks. For detailed setup 
information and instructions, see the Novell Filr Installation and Configuration Guide. 


* Section 2.1, “Getting and Preparing Filr Software”
* Section 2.2, “Deploying Filr Appliances”
* Section 2.3, “Initial Configuration of Filr Appliances”
* Section 2.4, “Filr Clustering”
* Section 2.5, “Integrating Filr Inside Your Network Infrastructure”
* Section 2.6, “Ports Used in Filr Deployments”
* Section 2.7, “There Are No Impacts to Existing Servers or Systems”


2.1 Getting and Preparing Filr Software


The process of getting and preparing Filr software is straightforward, as illustrated in Figure 2-1 and 
explained in the table that follows it. 


Figure 2-1 Downloading and Unzipping Novell Appliances


Letter Details


You can download the .zip archive files for the three Novell Filr appliances (Filr, Search, and MySQL) directly from the Novell Download Site, or you can obtain them through your Novell Authorized Reseller.


Unzip the archives to expose a folder that contains the three files needed for deployment. For 
more information, see “Installing the Filr Appliance,” “Installing the Search Index Appliance,” and 
“Installing the MySQL Database Appliance” in the Novell Filr 1.0.1 Installation and Configuration 
Guide. 


The .mf file contains an SHA1 digest that VMware uses to verify the integrity of the other two 
files. 


The .ovf file contains the virtual appliance's configuration settings. You deploy this file in VMware to create the Filr appliance. Its settings get modified during the initial deployment phase.


The .vmdk file is the virtual appliance's (VA's) system virtual disk and contains all VA system 
files. It comes ready for the initial start-up and configuration. 


For more information, see “Installing the Filr Appliance,” “Installing the Search Index Appliance,” and “Installing the MySQL Database Appliance” in the Novell Filr 1.0.1 Installation and Configuration Guide.
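The integrity check that the .mf file supports can also be run by hand on the unzipped folder before the .ovf file is deployed. The following Python script is an added example, not part of the Novell documentation; it assumes the OVF manifest line format `SHA1(file name)= digest`, and the file names and contents created in `demo()` are constructed.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Assumed manifest line format (OVF convention): SHA1(<file name>)= <hex digest>
ENTRY = re.compile(
    r"^(?P<algo>SHA1|SHA256)\((?P<name>[^)]+)\)\s*=\s*(?P<digest>[0-9a-fA-F]+)$"
)


def parse_manifest(text):
    """Return [(algorithm, file name, lowercase hex digest)] from .mf text."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: not a manifest entry")
        algo, name = match["algo"].lower(), match["name"]
        digest = match["digest"].lower()
        # Entries must name a file in the same folder, never a path elsewhere.
        if name in (".", "..") or Path(name).name != name:
            raise ValueError(f"line {lineno}: unexpected path {name!r}")
        if len(digest) != hashlib.new(algo).digest_size * 2:
            raise ValueError(f"line {lineno}: wrong digest length for {algo}")
        entries.append((algo, name, digest))
    return entries


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash a file in chunks so multi-gigabyte .vmdk files do not fill memory."""
    hasher = hashlib.new(algo)
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            hasher.update(block)
    return hasher.hexdigest()


def verify_appliance(folder):
    """Check every file listed in the folder's single .mf file.

    Returns {file name: "ok" | "mismatch" | "missing" | "unlisted"}.
    """
    folder = Path(folder)
    manifests = sorted(folder.glob("*.mf"))
    if len(manifests) != 1:
        raise ValueError(f"expected one .mf file, found {len(manifests)}")
    results = {}
    for algo, name, expected in parse_manifest(manifests[0].read_text()):
        target = folder / name
        if not target.is_file():
            results[name] = "missing"
        elif hmac.compare_digest(file_digest(target, algo), expected):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    # A descriptor or disk that the manifest does not cover is unverified.
    for path in folder.iterdir():
        if path.suffix in (".ovf", ".vmdk") and path.name not in results:
            results[path.name] = "unlisted"
    return results


def demo():
    """Verify a constructed appliance folder, then again after altering the disk."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "sample.ovf").write_bytes(b"<Envelope>constructed</Envelope>")
        (folder / "sample.vmdk").write_bytes(b"constructed disk image bytes")
        lines = [
            f"SHA1({name})= {file_digest(folder / name, 'sha1')}"
            for name in ("sample.ovf", "sample.vmdk")
        ]
        (folder / "sample.mf").write_text("\n".join(lines) + "\n")
        before = verify_appliance(folder)
        with open(folder / "sample.vmdk", "ab") as handle:
            handle.write(b"\x00")  # simulate a corrupted or altered download
        after = verify_appliance(folder)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("as downloaded", "after change"), demo()):
        print(label, result)
```

A manifest that arrives in the same archive as the files it covers detects corruption in transit, not replacement by someone who can rewrite the .mf file as well. Where the download site publishes a digest for the archive itself, compare against that too.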


2.2 Deploying Filr Appliances


After you have obtained and extracted the appliance software, you need to deploy it on your 
VMware host server, as illustrated in Figure 2-2 and Figure 2-3 and as explained in the tables that 
follow them. For more specific information about the different deployment models, see "Small 
Installation Vs. Large Installation" in the Novell Filr 1.0.1 Administration Guide. 


* Section 2.2.1, “Small Filr Deployment Overview”
* Section 2.2.2, “Large Filr Deployment Overview”


2.2.1 Small Filr Deployment Overview


Figure 2-2 A Small Deployment of Filr 
Letter Details


Using the vSphere client, access the VMware host server and deploy the .ovf template file.


Specify the hostname and IP address. If possible, the system determines the mask and 
gateway, and automatically populates those fields. 


The network interface is bridged by default. Make sure this setting matches the network 
configuration in your VMware environment. 


A second disk is needed for the following reasons: 


* Adequate personal storage disk space—personal files are stored here. 


* Separation of system and data files to facilitate appliance updates—data files are stored 
here. 


You might want to also change the RAM allocation and the number of CPUs. 


Start the appliance. 




Specify the appliance’s basic configuration, which includes administrative users’ passwords, IP 
address settings, and the time zone and NTP time source. 


These settings are common to all Novell appliances. 


2.2.2 Large Filr Deployment Overview


Figure 2-3 A Large Deployment of Filr 
Letter Details


Using the vSphere client, access the VMware host server and deploy the .ovf template file.


Specify the hostname and IP address. If possible, the system determines the mask and 
gateway, and automatically populates those fields. 


The network interface is bridged by default. Make sure this setting matches the network 
configuration in your VMware environment. 


A second disk is needed for the following reasons: 


* Adequate personal storage disk space

* Separation of system and data files to facilitate appliance updates


You might want to also change the RAM allocation and the number of CPUs.


If you are clustering the Filr VA, add a shared disk for all members of the cluster to use.


This only applies to the Filr VA, not to the Search or MySQL appliances. 


Start the appliance. 


Specify the appliance’s basic configuration, which includes administrative users’ passwords, IP 
address settings, and the time zone and NTP time source. 


These settings are common to all Novell appliances. 


If you are installing separate appliances, you need to deploy a search appliance as well. The 
process is very similar to a Filr VA deployment, except that the search appliance doesn't use 
shared storage. 


Installing separate appliances also requires configuring a MySQL database. Deploying the 
MySQL appliance that comes with Filr is very similar to the process for Filr and the search 
appliance. 


If you already have a MySQL database in your organization, you can use it instead of the 
MySQL appliance that comes with Filr. 


2.3 Initial Configuration of Filr Appliances


After you have deployed the appliances and set a few basic system settings, such as passwords, you 
must perform an initial appliance configuration. The process varies, depending on which 
deployment scenario you are implementing. 


* Section 2.3.1, “Small Filr Deployment Configuration”
* Section 2.3.2, “Large Filr Deployment Configuration”


2.3.1 Small Filr Deployment Configuration


Starting and configuring an all-in-one Filr appliance is quite straightforward, as illustrated in Figure 
2-4 and explained in the table that follows it. 
Figure 2-4 Configuring an All-in-One Filr Appliance


Letter Details


Access and configure the Filr appliance through a browser.

Log in to the administration console.

Run the configuration wizard.


When you finish, your all-in-one appliance is running and ready to provide Novell Filr services. 


For more information, see “Small Deployment Configuration” in the Novell Filr 1.0.1 Installation and Configuration Guide.


2.3.2 Large Filr Deployment Configuration


Starting and configuring the appliances for a large deployment is obviously more involved than for a single appliance. However, the process is well documented and also very straightforward, as illustrated in Figure 2-5 and explained in the table that follows it.


Notice that the order of working with the three appliance types is reversed from the order in Figure 
2-3 on page 13. 
Figure 2-5 Configuring Separate Appliances


Letter Details


First, access and configure the Search appliance through a browser, logging in to the administration console, and running the configuration wizard.


When you finish this step, your Search appliance is running and ready to provide indexing 
services for Filr. 


For details, see "Installing the Search Index Appliance" in the Novell Filr 1.0.1 Installation and 
Configuration Guide. 


Second, access and configure the MySQL database appliance through a browser, or configure 
your database server. 


If using the MySQL database appliance, use the phpMyAdmin utility to configure the appliance, 
as instructed in “Installing the MySQL Database Appliance” in the Novell Filr 1.0.1 Installation 
and Configuration Guide. 


When you finish this step, your MySQL appliance is running and ready to provide database 
services to the Filr appliance. 


Finally, access and configure the Filr appliance through an administrative browser, logging in to 
the administrative console, and running the configuration wizard. 


For more information, see “Large Deployment Configuration” in the Novell Filr 1.0.1 Installation 
and Configuration Guide. 


When you finish this step, your virtual appliances are all running and working with each other, 
providing your network with Filr services. 


For more information, see “Installing Separate Appliances for a Large Installation” and “Large Deployment Configuration” in the Novell Filr 1.0.1 Installation and Configuration Guide.


2.4 Filr Clustering


Filr clustering involves two or more Filr VAs sharing the same NFS data storage location (/vashare). 
Basic steps for setting up Filr clustering are included in Figure 2-6. 
Figure 2-6 Clustered Filr VAs


For more information about clustering, see “Changing Clustering Configuration Settings” in the Novell Filr Installation and Configuration Guide.


2.5 Integrating Filr Inside Your Network Infrastructure


The following examples illustrate two possibilities out of many potential network configurations for deploying Filr.


* Section 2.5.1, “A Small Filr Deployment”
* Section 2.5.2, “A Large Filr Deployment”


2.5.1 A Small Filr Deployment


Figure 2-7 illustrates a high-level view of how an all-in-one appliance might be integrated into a small organization’s network. Each letter is explained in the table that follows the figure.


Figure 2-7 Example of a Small Filr Deployment 
Letter Details

Filr brings Novell file services to personal devices, Macintosh and Windows workstations, and Web browsers.

Filr is built for fitting in with your security infrastructure and can be deployed in a DMZ network, allowing your organization's data to remain safely inside your internal network.

Filr provides full NCP protocol support. Users have access to files stored on both NetWare and Open Enterprise Server file servers.

Filr provides full CIFS protocol support to servers providing CIFS file services, such as Windows file servers.


2.5.2 A Large Filr Deployment


Figure 2-8 Example of a Large Filr Deployment 
Letter Details


Filr brings Novell file services to personal devices, Macintosh and Windows workstations, and Web browsers.


You can use L4 switches to provide load balancing of REST requests to your Filr appliances. Although not shown, you can, of course, also use Apache for this.


You can deploy Filr appliances inside a front-end DMZ and configure multiple Filr VAs to share NFS-based storage, thus providing scalability and high availability.


Although not available in the first release, a future release could include a monitoring appliance 
that leverages Ganglia and Nagios monitoring and statistics. 


You can deploy multiple search appliances in a back-end DMZ, each of which maintains indexes 
of Filr data to provide scalable response times to search and other requests coming through the 
Filr appliances. 


Your organization’s MySQL servers can be deployed in the back-end DMZ and configured to 
access the same database. 


As with small deployments, this configuration provides NCP file services.


CIFS file services are also provided.


2.6 Ports Used in Filr Deployments


As you configure the firewalls in your deployment, allow traffic on the ports indicated in Figure 2-9, as applicable on your network.


Figure 2-9 Filr Port Usage


2.7 There Are No Impacts to Existing Servers or Systems


* File Servers: Filr requires no changes to existing file servers or directory services. There is no 
new software to install on existing file servers. 


* File Systems: There are no changes to existing file systems. File system rights, trustee 
assignments, storage quotas, and so on are all honored. This is because all file access is 
controlled by the file systems just as it was before Filr was installed. 
* Directory Services: There are no schema extensions or other changes required to existing directory services.
Filr Administration


Filr administration is very straightforward as outlined in the following sections. 


* Section 3.1, “Filr Administrative Users”
* Section 3.2, “Ganglia Appliance Monitoring”
* Section 3.3, “Updating Appliances”
* Section 3.4, “Certificate Management in Filr”
* Section 3.5, “Filr Site Branding”


3.1 Filr Administrative Users


Because Filr is an appliance that is installed and administered in different phases, you install and then administer Filr using two different administrative users. Each user utilizes different Web-based administrative tools, as illustrated in Figure 3-1 and explained in the table that follows it.
Figure 3-1 Filr Administrators: Their Purposes, Passwords, and the Interfaces They Use


Novell Appliance Administration

Username: vaadmin
Purpose: Appliance Administration
Password: specified during installation
Interface: https://ip_address_or_DNS:9443 (Filr Appliance Administration)


Filr Administration Console

Username: admin
Purpose: Filr Service Administration
Password: admin (changed at first login)
Interface: https://ip_address_or_DNS:8443


Terminal Prompt

Username: root
Purpose: Only as Directed by Novell
Password: specified during installation


Letter Details 


vaadmin takes over the installation process after the initial deployment is finished. It then configures appliance services so that they are fully operational.


You use this administrative user whenever appliance settings need to be changed or adjusted. 
Installing certificates and licenses, adjusting the network configuration, and setting up Filr 
clustering are just a few of the tasks that you use vaadmin to perform. 


After the appliances are fully operational, most of the administrative work is accomplished using 
the Filr admin user account. 


The first time you log in, the username/password are admin/admin. You are prompted to change 
this. See “Resetting the Filr Administrator Password” in the Novell Filr Administration Guide. 


You use this administrative user to do the following: 


* Import (synchronize) users and groups from LDAP identity stores
* Create additional Filr users
* Set up My Files personal storage
* Set up Net Folders
* Set synchronization schedules


Novell Filr and the appliances associated with it are special-purpose virtual machines. They are designed to be configured and managed using the Web-based management consoles (above). Although it is possible to access the appliance using the terminal prompt or through an SSH connection, Novell strongly discourages this practice because it can result in service disruption or more serious problems, including data loss.


If you contact Novell Support with a Filr support incident, you might be asked to access the 
appliance's terminal prompt as the root user. Otherwise, there are no Filr administrative tasks 
that involve root or the bash interface. 


3.2 Ganglia Appliance Monitoring


By launching the Ganglia monitoring page, as shown in Figure 3-2, you can access various real-time 
monitoring statistics for all of the Ganglia-enabled machines on your network segment. 


Figure 3-2 Ganglia Appliance Monitoring 
Letter Details


The vaadmin administrative user has access to Ganglia monitoring, via the Appliance 
Configuration and Maintenance Web page. 
At the top of the Ganglia Web page are graphs that represent an aggregation of all of the Ganglia-enabled machines that are being monitored on your network segment.


At the bottom of the page are graphs for each machine that is being monitored. By clicking an 
individual machine’s graph, you can get its details. For example, on a Filr appliance you see Filr 
metrics, /vastorage monitoring, CPU load, disk statistics, memory usage, and all of the 
standard Ganglia metrics. 


If you want to learn more about using and customizing Ganglia, you might consider investing in publications on the subject, such as the book Monitoring with Ganglia, which was written by developers and others associated with the Ganglia project.


3.3 Updating Appliances 


Filr and Search appliances are updated by simply installing a new appliance system disk and linking 
it to the existing data disk, as illustrated in Figure 3-3. 


IMPORTANT: While performing an upgrade, be sure to consult the detailed instructions in 
"Updating Filr and Search Appliances" in the Novell Filr Installation and Configuration Guide. A 
successful upgrade depends on following sub-tasks that are not illustrated here, such as the order in 
which appliances are shut down and then restarted. 
Figure 3-3 Updating a Filr or Search Appliance


3. Shut down the appliance being replaced.


4. Add an “existing disk” as the data disk, pointing to the old appliance's data disk.


5. Power on the new appliance, specify the same password and network information, then select the existing data disk, and if clustering, select the existing /vashare disk as well.


Filr services are automatically configured, and the update is finished.
3.4 Certificate Management in Filr


So that your Web client users don't receive security warnings when accessing Filr, we recommend 
that you configure Filr with a certificate from your CA, as illustrated in Figure 3-4. This will ensure 
that browsers will trust the Filr appliance as a valid server. 


You can also set up Filr as a client to trust other servers. For example, if your LDAP identity store 
requires SSL communications (LDAPS), you can import the trusted CA certificate from your identity 
store server. 


Figure 3-4 Importing a CA certificate

[Figure 3-4 labels: vaadmin; Your Trusted Certificate Authority]


3.5 Filr Site Branding


You can customize the colors and images displayed on the Filr site and the login dialog box, as 
illustrated in Figure 3-5. For more information, see “Setting Up Site Branding” in the Novell Filr 1.0 
Administration Guide. 
Figure 3-5 Branding Filr


Access Rights and Filr


Filr administrators need to have a good understanding of how Filr leverages the file system and other 
rights that are already in place, and also how user rights to use Filr functionality are determined. 


* Section 4.1, “Filr Authentication”
* Section 4.2, “Access to Files and Folders Is Controlled by the File System”
* Section 4.3, “How Users Get the Required Access Permissions”
* Section 4.4, “Access Through Filr Involves One of Four Possible Roles”
* Section 4.5, “Rights to Files and Folders”
* Section 4.6, “Sharing Rights”
* Section 4.7, “Windows Share Rights”
* Section 4.8, “Access-based Enumeration (Windows)”


4.1 Filr Authentication


Filr clients for mobile devices and workstations use a REST protocol for Filr authentication. Inside the 
protocol are the user-supplied credentials. Filr validates these against the identity source (LDAP or 
local) or against the OpenID provider. 


Web access is through either the Web form or OpenID. If the Web form is used, Filr takes the credentials supplied and validates them as with REST. If OpenID is used, Filr honors the authentication provided by the OpenID provider.


This is illustrated in Figure 4-1. 
Figure 4-1 User Authentication in Filr


* Mobile and desktop clients use REST.


** Web access credentials are either: 
- Submitted through Web form 
or 
- Authenticated through OpenID. 


*** Guest users are authenticated through the Filr admin process. 


4.2 Access to Files and Folders Is Controlled by the File System


The NSS and NTFS file systems on OES, NetWare, and Windows servers always control access to the files and folders they contain. Users seeking access through a file browser, such as Windows Explorer, must generally have the required permissions on the file systems to gain access.


This is absolutely true when accessing files and folders through Filr. You cannot gain more access 
through Filr than the underlying file system allows. 


Filr sharing is no exception. Shared access through Filr depends on the Net Folder proxy user having 
the required file system rights. 


4.3 How Users Get the Required Access Permissions


From a Filr perspective, users can get the required permissions to access files and folders in one of three ways:

* Directly: Users are assigned permissions to the files and folders.
* Group Membership: Users inherit permissions to the files and folders through membership in a group that has been assigned the permissions.
* Net Folder Proxy User: Users receive and accept Filr share invitations. They can then access the shared files and folders through the assigned Net Folder proxy users that have the required file system rights.


4.4 Access Through Filr Involves One of Four Possible Roles


Depending on the rights that users have on the file system (see How Users Get the Required Access 
Permissions), Filr lets users function in one of four roles, as outlined in Table 4-1. 


Table 4-1 Filr Roles and the Rights That They Represent


Role         Rights

None         No rights

Viewer       Read and Visibility rights

Editor       Read, Visibility, and Write rights

Contributor  Read, Visibility, and Write rights
             Create, Delete, Rename, Move, and Copy the contents of the folder


4.4.1 Roles and Net Folders


User roles relative to Net Folders are not assigned. They are automatically derived from users'
permissions on the NSS (see Table 4-2) and NTFS (see Table 4-3) file systems.


As explained in How Users Get the Required Access Permissions, file system permissions can be 
directly assigned or inherited through group membership. 


4.4.2 Roles and Shared with Me


User roles relative to Shares are assigned by the user sending the invitation. 
Users sending invitations can only assign roles up to the level that they have. 


Users receiving and accepting share invitations might or might not have direct rights on the file 
system, but that is irrelevant. Individual user rights on the file system do not affect Shared with Me 
functionality. Instead, Net Folder proxy users interface with the file system for everyone who is 
functioning in a sharing role. 


If users access a folder through Shared with Me to which they also have file system rights, their 
functionality within Shared with Me is defined by the sharing role they were granted with the share 
invitation, even though that role might provide more or fewer access privileges than they would have 
through their Net Folder connection to the same folder. 


4.5 Rights to Files and Folders


Filr users must have the required rights to access files and folders through Filr. 


* Section 4.5.1, "Access Is Always Controlled by the File System"
* Section 4.5.2, "My Files (Personal Storage)"
* Section 4.5.3, "Home Folders"
* Section 4.5.4, "Net Folders"
* Section 4.5.5, "Filr Attributes Are Always Honored"


4.5.1 Access Is Always Controlled by the File System


As already explained, access through Filr involves one of four possible roles. 


For users to have Viewer, Editor, or Contributor rights through Filr, they must have the minimum
rights that those roles require, as outlined and illustrated in the following sections.


* "Filr Roles and NSS File System Trustee Rights"
* "Filr Roles and NTFS Permissions"
* "Role Requirements Are Rigidly Enforced"


Filr Roles and NSS File System Trustee Rights 


For eDirectory users to function in Filr roles, they must have the NSS rights illustrated and explained 
in Table 4-2. 


Table 4-2 NSS File System Rights and Filr Roles 


Role and Minimum NSS Rights Required    Comments

[Each row's illustration shows the NSS rights that the eDirectory user has on the target file or folder.]

Viewer Role         Read and File Scan are the minimum file system trustee rights that users
                    must have to view files and folders.

Editor Role         If the Write file system trustee right is added to Read and File Scan,
                    users can then modify file content.

Contributor Role    To perform contributor functions, users must either have all file system
                    trustee rights to the file or folder (except for Access Control) or the
                    Supervisor right to the file or folder.

                    You might ask why Access Control isn't listed. That is because it has no
                    effect.

                    Although users can provide access for other users through Filr sharing,
                    that functionality is enabled by the file system rights of Net Folder
                    proxy users.

                    Filr shared access is independent of any file system rights that users
                    have or do not have.


Filr Roles and NTFS Permissions 


For Active Directory users to function in Filr roles, they must have the NTFS file system permissions 
illustrated and explained in Table 4-3. 


Table 4-3 NTFS Permissions and Filr Roles 


Role and Minimum NTFS Permissions Required    Comments

[Each row's illustration shows the NTFS privileges that the Active Directory user has on the target folder.]

Viewer Role         Read, Read & Execute, and List Folder Content are the minimum basic
                    permissions that users must have in order to view files and folders. The
                    default special permissions associated with these basic permissions are
                    also required.

Editor Role         If the basic Write permission is added, users can then modify file
                    content. The default special permissions associated with these basic
                    permissions are also required.

Contributor Role    To perform contributor functions, users must either have the basic Modify
                    permission added, or they must have the basic Full Control permission.
                    The default special permissions associated with these basic permissions
                    are also required.


Role Requirements Are Rigidly Enforced 


The NSS and NTFS requirements set forth in Table 4-2 and Table 4-3 are very rigid. 


For example, Figure 4-2 shows that if the NSS Write right is missing, the user can only function as a
Viewer, even though all of the Contributor-specific rights are present.


Figure 4-2 Missing Write right limits to only Viewer role 

Figure 4-3 shows that if the Read & Execute privilege is missing, the user has no Filr role,
even though all of the other permissions are present.


Figure 4-3 Missing Read & Execute privilege prevents access through Filr 
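
The role rules in Table 4-2 and Table 4-3 can be checked mechanically when auditing why a user has less access through Filr than expected. The following is an added illustration, not Filr code and not part of the original guide; it models only the basic rights named in the tables (the NTFS default special permissions are not modelled), and the function names and sample entries are constructed for the example.

```python
"""Derive a Filr role from file system rights, following Tables 4-2 and 4-3.

Added illustration, not Filr code. Right names are the ones this guide uses.
"""
from enum import IntEnum


class Role(IntEnum):
    NONE = 0
    VIEWER = 1
    EDITOR = 2
    CONTRIBUTOR = 3


# Minimum rights per role. Every right in a set is mandatory: one missing
# right drops the user to whatever lower role is still fully satisfied.
REQUIRED = {
    "NSS": {
        Role.VIEWER: frozenset({"Read", "File Scan"}),
        Role.EDITOR: frozenset({"Read", "File Scan", "Write"}),
        # All trustee rights except Access Control, which has no effect.
        Role.CONTRIBUTOR: frozenset(
            {"Read", "File Scan", "Write", "Create", "Erase", "Modify"}),
    },
    "NTFS": {
        Role.VIEWER: frozenset(
            {"Read", "Read & Execute", "List Folder Content"}),
        Role.EDITOR: frozenset(
            {"Read", "Read & Execute", "List Folder Content", "Write"}),
        Role.CONTRIBUTOR: frozenset(
            {"Read", "Read & Execute", "List Folder Content", "Write",
             "Modify"}),
    },
}
# The single right that satisfies the Contributor row on its own.
ALL_ACCESS = {"NSS": "Supervisor", "NTFS": "Full Control"}


def derive_role(fs, rights):
    """Return the highest role whose complete rights set is present."""
    rights = frozenset(rights)
    if ALL_ACCESS[fs] in rights:
        return Role.CONTRIBUTOR
    for role in (Role.CONTRIBUTOR, Role.EDITOR, Role.VIEWER):
        if REQUIRED[fs][role] <= rights:
            return role
    return Role.NONE


def missing_for(fs, rights, wanted):
    """Rights that must be added before the user qualifies for `wanted`."""
    rights = frozenset(rights)
    if ALL_ACCESS[fs] in rights:
        return frozenset()
    return REQUIRED[fs].get(wanted, frozenset()) - rights


def audit(entries):
    """List users whose derived role is lower than the role they expect."""
    findings = []
    for user, fs, rights, expected in entries:
        actual = derive_role(fs, rights)
        if actual < expected:
            gap = sorted(missing_for(fs, rights, expected))
            findings.append((user, actual.name, expected.name, gap))
    return findings


# Constructed sample data mirroring the cases this chapter describes.
SAMPLE_ENTRIES = [
    # Section 4.5.4: all rights except Erase gives Editor, not Contributor.
    ("blue", "NSS", {"Read", "File Scan", "Write", "Create", "Modify",
                     "Access Control"}, Role.CONTRIBUTOR),
    # Figure 4-2: Write missing, Contributor-specific rights present.
    ("fig-4-2-user", "NSS", {"Read", "File Scan", "Create", "Erase",
                             "Modify"}, Role.CONTRIBUTOR),
    # Figure 4-3: Read & Execute missing, so no Filr role at all.
    ("fig-4-3-user", "NTFS", {"Read", "List Folder Content", "Write",
                              "Modify"}, Role.CONTRIBUTOR),
    # Full Control alone satisfies the Contributor row.
    ("full-control-user", "NTFS", {"Full Control"}, Role.CONTRIBUTOR),
]

if __name__ == "__main__":
    for user, actual, expected, gap in audit(SAMPLE_ENTRIES):
        print(f"{user}: has {actual}, expected {expected}, missing {gap}")
```
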


4.5.2 My Files (Personal Storage)


Users automatically have all access rights to the Filr-based personal storage assigned to them. 

Figure 4-4  Filr users have all rights to their personal storage through My Files 

For more information regarding My Files, see Chapter 9, “My Files (Personal Storage),” on page 49.


4.5.3 Home Folders


Users should have all rights to their server-based home folders.


[Figure labels: Blue's File System Rights (All Rights); My Files (All Rights); User Blue; User Blue’s Home Folder]


Letter Details

A  Although it is certainly possible that an administrator might choose to limit the file system rights to a
home folder, that would seem to defeat the whole purpose behind providing home directories in the
first place.


Of course, rights restrictions are completely separate from limiting the available file storage space. 


In all cases, if there are file system restrictions, Filr always honors them. 


4.5.4 Net Folders


Users who are granted access to a Net Folder are not restricted by Filr. The file system of the target
folder retains complete access control. The level of rights that users have through Filr depends on the
role they have, as explained in “Access Through Filr Involves One of Four Possible Roles” on page 33.


Figure 4-5 Users’ effective rights to Net Folders are controlled by the file system where the Net Folder resides and the Filr role that these
rights qualify them for


[Figure labels: User Blue; File System Rights to projects folder; Filr Role = Editor; Net Folders; projects]


Letter Details

A  User Blue is granted all rights to the NSS-based projects folder, except the Erase right (green
bar).

B  Because User Blue doesn't have the Erase right, Filr assigns the Editor role.

This means that even though Blue has Create (blue) and Modify (purple) rights on the file
system, and could exercise them through a file browser, such as Windows Explorer, Filr
functionality is limited to editing files within the projects folder.


For more information, see Section 10.5, “Granting Access to Net Folders,” on page 58. 


4.5.5 Filr Attributes Are Always Honored


Figure 4-6 File attributes affect functionality in home folders 


Letter Details

A  User Blue is granted all rights to an NSS-based home folder.

B  User Blue applies the Read-only attribute to one of the files in the home folder to ensure that it
doesn't get modified by mistake.

C  A few weeks later, Blue opens the file and tries to change it.
The file system doesn't allow this because of the file’s Read-only attribute.

Of course, Blue could remove the attribute using a file browser, such as Windows Explorer, and
then modify the file.

Filr always honors the file system. As long as the file is Read-only, it cannot be modified through
Filr.

Figure 4-7 File attributes also affect functionality in Net Folders 


Letter Details

A  As shown in Figure 4-5 on page 38, Blue doesn’t have Erase rights on the projects folder.

B  Therefore, Blue only qualifies for the Filr Editor role.

C  The project leader maintains strict control of the scope.txt file by using the Read-only attribute.

D  This means that, even though Blue is an Editor in the projects folder, the scope.txt file is
off-limits for making any changes.


4.6 Sharing Rights


In contrast to file and folder rights, which are controlled by the file system, Filr controls all My Files 
and Net Folder sharing. 


For more information about sharing, how it is managed, and how it works, see Chapter 12, "Sharing 
through Filr,” on page 61. 


4.7 Windows Share Rights


Windows Shares are leveraged by Filr to create Net Folders. It might seem logical, therefore, that the 
rights settings exposed on the Sharing tab in Windows would affect Filr functionality. That is not the 
case. 


Setting Windows Share rights on a Windows Share has no effect on Filr. This is in keeping with the 
best practice recommendation from Microsoft that Share rights not be used to grant or control file 
access. 


Remember, Filr Sharing is only enabled through the Net Folder proxy user and the file system 
privileges assigned to it. 


4.8 Access-based Enumeration (Windows)


Access-based Enumeration settings on an NTFS file system have no effect on Filr. 


For example, a Windows administrator might disable Access-based Enumeration so that the files in a 
shared folder always display in Windows Explorer no matter what the user's rights. 
The administrator might then expect that users would also be able to see the files through Filr. That is
not the case. Disabling Access-based Enumeration has no effect on Filr. Only those users who have all
of the NTFS permissions required for the Viewer role (Read, Read & Execute, and List Folder
Content) can see the files.


Filr Comments


Comments are linked to the files that are commented on. All users, except Guest, have read/write 
access to comments on the files and folders that they are allowed to see. Guest can be granted rights 
to write comments as well, as indicated in Figure 5-1. 


Figure 5-1 Who Can Log Comments in Filr 


[Figure labels: Read and Write; Read Only (unless changed by admin)]


For more information about Filr comments, see “Comments” in the Novell Filr 1.0 Administration 
Guide. 


Filr Email Notifications


Filr includes a Postfix mail server for outbound email notifications, as illustrated in Figure 6-1. 


Figure 6-1 Filr Outbound Email Functionality 


Although the default mail server should work well for most Filr installations, you can configure Filr
to use your outbound SMTP mail server. For more information, see "Changing Outbound Email
Configuration Settings" in the Novell Filr Installation and Configuration Guide.


Filr Indexing and Searching


All Filr searching involves the Index server (Lucene). Everything that is searchable is in the index, 
including users and groups. All synchronized files and folders have their metadata synchronized 
automatically, so that their basic information (in contrast with actual content) is searchable. 

* Section 7.1, "What Is Indexed and When"

* Section 7.2, "About Filr Content Indexing"


7.1 What Is Indexed and When


As illustrated in Figure 7-1, indexing occurs each time that data is modified. Index triggers include 
the following: 

* Modifications made by a user or administrator 

* Synchronization of files and folders 


When a folder is indexed, the only files re-indexed are those whose time stamps or hash sums 
have changed since the last index was performed. 


* Synchronization of users and groups 


Figure 7-1 When Indexing Occurs


7.2 About Filr Content Indexing


Only files that live in folders that are specifically enabled for indexing have their content indexed. 
After the files have been synchronized to Filr, the indexing process can begin. 


Content indexing is performed as a background process. Depending on the number of files that need 
to be indexed, it can take several hours or even days before all of the content is indexed and 
searchable in the Filr system. Therefore, it is important to consider which files need to have their 
content be searchable. 


For more information about Filr indexing, see "Managing the Lucene Index" in the Novell Filr 1.0 
Administration Guide. 


Filr Licensing


Filr comes with a 90-day evaluation license pre-installed. You must install a full license in order for 
Filr to continue functioning beyond the 90-day evaluation period. 


For instructions on viewing and installing Filr licenses, see “Viewing and Updating the Filr License” 
in the Novell Filr 1.0 Administration Guide. 


My Files (Personal Storage)


Many organizations let their network users store personal files on organization file servers. Filr 
supports this practice through My Files, which can include access to personal storage on Filr as well 
as to traditional home directories. 

* Section 9.1, "Understanding My Files"

* Section 9.2, "Enabling Personal Storage"

* Section 9.3, "How Home Folders Differ from Net Folders"

* Section 9.4, "My Files Sharing Rights"


9.1 Understanding My Files


My Files is an optional personal storage area that you can make available to your Filr users. It can 
include two possible data storage locations, as illustrated in Figure 9-1 and explained in the table that 
follows it. 


Figure 9-1 My Files’ Possible Storage Locations 


Letter Details


A  If you enable personal storage for users as outlined in Figure 9-2 on page 51, then Filr
automatically creates a personal storage directory on its data disk.


B  If your LDAP users have home directory attributes associated with them in the identity store
(eDirectory or Active Directory), then when their user accounts are synced, Filr creates special
Net Folders that link to their home directories.


C  If you have enabled personal storage for users who do not have home directories as described
on the previous row, then those users see only what is stored in the Filr data store in their My
Files.


D  If you have enabled personal storage for users, and those users also have home directories
associated with them in the identity store, they see what is stored in the Filr data store and a
folder named Home under My Files. The Home folder provides a distinction between files and
folders in the Filr data store and those in Home directories on the file server.


E  If you haven't enabled personal storage, but your users have home directories, then the files
and folders in their home directory display as direct entries within My Files.


NOTE: Of course, if you don't enable personal storage, and users don't have home directories, then 
their My Files is empty and not usable. 


9.2 Enabling Personal Storage 


If personal storage is enabled, then space is allocated to users for personal storage. Figure 9-2 
illustrates how you can set a default usage quota for all users and also set individual quotas as 
required. 


Figure 9-2 Setting Default and Individual Storage Quotas


9.3 How Home Folders Differ from Net Folders


A home folder is a special kind of Net Folder that is included in My Files. 


Home folders allow for the sharing of files and sub-folders, while Net Folders only allow for the
sharing of files, not sub-folders.


9.4 My Files Sharing Rights 


See Section 12.1.2, "My Files Sharing Is Automatic," on page 63. 


Net Folders


Filr introduces a new way of accessing file server data: Net Folders, a file access method that
shares some similarities with Novell’s long-standing concept of mapped network drives.


* Section 10.1, "Overview"
* Section 10.2, "Specifying Net Folder Servers"
* Section 10.3, "Specifying Net Folders"
* Section 10.4, "Net Folder Proxy Users"
* Section 10.5, "Granting Access to Net Folders"


10.1 Overview


To understand Net Folders, it is useful to see the similarities and differences between them and the 
mapped drives that you probably have on your current network. Figure 10-1 and Figure 10-2 
illustrate such a comparison. 


Figure 10-1 File Servers and Mapped Drives 


Figure 10-2 shows the same servers as in Figure 10-1, with their volumes defined as Net Folder
Servers. Notice that the Net Folder Server names do not need to match the volume names, which can
sometimes be rather cryptic.


The asterisk-marked folders in Figure 10-1 are shown as Net Folders here. 


As with the Net Folder Server names, some of the Net Folder names in Figure 10-2 are different from 
the Figure 10-1 volume and folder names that they represent. This illustrates that Net Folder names 
are not tied to their corresponding actual folder names. Instead, you can name them whatever best 
communicates their purpose and content to those who access them. 


Figure 10-2 Net Folder Servers and Net Folders 


Letter Information


A  A Net Folder Server represents a volume or share on a NetWare, OES, or Windows file server.

Net Folder Servers for OES servers point to the root of an NSS volume on the server.

Net Folder Servers for Windows servers point to a Windows share, which is usually defined at a folder
level other than at the root of the file system. Therefore, it is common for a Net Folder Server for
Windows to point to the same folder as an associated Net Folder does.

There is usually one Net Folder Server per volume or share, but you can create multiple Net Folder
Servers to the same volume or share if needed.


B  A Net Folder is a pointer or reference to a specific folder within a Net Folder Server.

Often there is just one Net Folder for every Net Folder Server, but you can create multiple Net Folders
that point to a single Net Folder Server. You can even create multiple Net Folders that point to the
same relative path.

Why might you want to duplicate Net Folders? Possibilities include the following:

* Different synchronization schedule requirements
* Different access rights requirements
* Different usage patterns
* Different access loads


10.2 Specifying Net Folder Servers 


The first step in creating Net Folders is to set up Net Folder Servers.


Figure 10-3 Net Folder Server Creation 


As illustrated in Figure 10-3, adding a Net Folder Server includes the following: 


* Name: Net Folder users don't see this name, so use a name that makes sense from an 
administrative perspective. For example, you might include the IP address or DNS name of the 
server, or you could use a location name, such as Third Floor Server. 


* Server Path: This is the full UNC path to the root of the NSS volume or NTFS share where your 
Net Folders are located. 


* Proxy Name: This is the name of the Net Folder proxy user that provides access to this volume. 
For more information, see Section 10.4, "Net Folder Proxy Users," on page 57. 


IMPORTANT: When specifying the proxy user for a Net Folder Server that points to an OES
server, always use a fully qualified name, such as cn=admin, o=myorganization.


If you specify only a simple name, such as admin, then Filr accesses the Net Folders for the
server using CIFS rather than NCP.


When you test the connection, the test succeeds and data synchronizes using CIFS.
Unfortunately, when Filr attempts to determine a user's effective rights, the request fails because
that function requires NCP and the simple name doesn't provide enough information to the
NCP process.


* Proxy Password: This is the password of the Net Folder proxy user. If the password changes in
the identity store, it must be updated here.


* Test Connection: This lets you test the path and the credentials of the proxy user that you have
specified.


* Synchronization Schedule: This lets you create a synchronization schedule for this Net Folder
Server. Any Net Folders for this server that don't have their own synchronization schedules will
be synchronized according to this schedule.


For more information about Net Folder Server creation, see "Configuring and Managing Net Folder 
Servers" in the Novell Filr 1.0 Administration Guide. 


10.3 Specifying Net Folders


After creating Net Folder Servers, you can create Net Folders for users to access. 


Figure 10-4 Net Folder Creation 


As illustrated in Figure 10-4, adding a Net Folder includes the following: 


* Name: Filr users with rights to the Net Folder see this name, so you should use a name that they
will recognize and that will help them to understand what the Net Folder contains.


* Net Folder Server: The Net Folder Servers you have created appear in a drop-down list. You
also have the option to create an additional Net Folder Server from within the Net Folder
creation dialog.


* Relative Path: This is the path to the folder relative to the UNC path entered for the Net Folder
Server. A blank path creates a Net Folder that points to the Net Folder Server’s UNC path.


* Test Connection: This lets you verify that you have typed the path correctly.


* Index Contents: Enabling this option causes the contents of files within the Net Folder to be
indexed for content searching. For more information, see Chapter 7, "Filr Indexing and
Searching," on page 45.


* Just-in-Time Synchronization: Enabling this option causes the folder to be synchronized each
time a user accesses it.


* Rights Tab: Clicking this opens a dialog for specifying who has which rights to the Net Folder.


* Synchronization Schedule Tab: Clicking this opens a dialog for specifying a Net Folder-specific
synchronization schedule. Creating a synchronization schedule overrides the Net Folder Server
schedule if one exists.


* Data Synchronization: Clicking this opens a dialog for specifying that Windows and Macintosh
desktops can download files from this Net Folder. In Filr version 1.0, the desktops can see only
the files they have downloaded, so deselecting this option effectively hides the Net Folder's files,
even if the user has rights to see them.


For more information about Net Folder creation, see "Configuring and Managing Net Folders" in the 
Novell Filr 1.0 Administration Guide. 


10.4 Net Folder Proxy Users 


Net Folder proxy users provide Net Folder access for three Filr functions: file sharing, indexing, and 
synchronization, as illustrated in Figure 10-5. 


Figure 10-5 Functions of a Net Folder Proxy User 


Here are some pointers regarding proxy users.


* Proxy users must have all rights at each Net Folder Server volume or share, and in the case of
NSS volumes, they must have READ rights to the volume objects in eDirectory.


* If the proxy user password changes in the LDAP identity store, it must also be changed in the
Net Folder Server configuration dialog.


* Access to shared files always involves the proxy user, even for users who have file system rights 
to the shared files. 


* Proxy users have no role when users with Net Folder rights access Net Folders directly. 


For more information about Net Folder Server proxy users, see "Planning the Net Folder Server 
Proxy User" in the Novell Filr 1.0 Administration Guide. 


10.5 Granting Access to Net Folders 


Figure 10-6 Net Folder Access Involves Filr and the File System 


[Figure labels: User Blue; User Blue's File System Rights to the projects Folder; File Attributes on the File; Net Folders; All Rights; Limited Rights; Limited Functionality; projects]


Letter Explanation


A  When you grant a user access to a Net Folder, either individually or as a member of a group, by using
the Rights tab (see the explanation for Figure 10-4), then from a Filr perspective, the user has all rights
to that folder. However, the file system remains the master access controller.


B  The user must have file system trustee rights that allow the file to be viewed and accessed. For
example, if the user has Read, Write, and File Scan rights to a file on an NSS volume, then the file is
not only visible, but can, in theory, be modified. However, there’s one more part to the access equation.


C  Files can have attributes that prevent them from being modified, such as Read Only. They might also
be hidden, in which case they would not be visible to the Filr user.


For more information about Net Folders, see "Setting Up Net Folders" in the Novell Filr 1.0 
Administration Guide. 


Protocols and Filr


The components in a Filr deployment use a number of different protocols to communicate and
provide Filr services, as shown in Figure 11-1. The optional internal firewall is shown to facilitate the
illustration of a separate (and also optional) DMZ network.


Figure 11-1 Protocols Used in Filr Installations 


Letter Details


Workstations and devices running Filr software access Filr using REST protocols that facilitate
authentication and other access requests.


Browsers use HTTPS to communicate with Filr.


Filr communicates with Novell file servers using NetWare Core Protocol (NCP) requests.


Filr communicates with Windows servers using the Common Internet File System (CIFS)
protocol.


Other system protocols handle communication between Filr and the MySQL and Search
appliances.


Sharing through Filr


Sharing lets users grant other users (internal or external) access to files that they own. If allowed, 
users can also share files that they have received share invitations for. 


Figure 12-1 presents a high-level overview of the sharing functionality available in Filr. The sections 
that follow provide more detail. 


* Section 12.1, “Setting Up Sharing”
* Section 12.2, "Understanding Roles and Sharing"


Figure 12-1 Sharing through Filr 


Letter Explanation


A  Depending on the sharing privileges they are granted, internal users can share and collaborate with
each other, with external users who have been invited to self-provision into the Filr system, and with
the public. If re-sharing items is allowed, those who receive share invitations can also share.

This means that eDirectory users can share files with Active Directory users and groups, that the
reverse is also true, and that both of them can invite external partners or others to join the Filr system
for collaboration and other purposes.


B  When External Sharing is enabled in Filr, external users who receive share invitations can
self-provision into the Filr system and collaborate with internal and external users, using the Comments
feature.

If Filr is configured to allow it, external users can also share with internal users, with each other, and
with the public.


C  If Filr is configured to allow public sharing, and if a file is shared publicly through a system-generated
URL, then anyone with that URL can access the file as a guest user and share it with any other user,
including other public users. This re-sharing is not a function of Filr but a function of sharing the URL
through email, social networking, and so on.


12.1 Setting Up Sharing


Before any sharing can happen, it must first be enabled at the Filr system level. After that, the system- 
level settings define the upper limit of sharing that can be enabled at lower levels. 


After sharing is enabled for the system, sharing of My Files is automatically available up to the limits 
granted at the system level. Sharing files from Net Folders must be enabled on an individual Net 
Folder basis. 


12.1.1 System-Level Sharing Must Be Set Up First


The Filr Administrative Console provides access to the Share Settings dialog. Some Filr administrators
prefer to enable sharing and set its upper limits on an individual-user and individual-group basis.
Others prefer to enable sharing at a global level by leveraging the All Internal Users and All
External Users groups.


In the first case, My Files sharing will be limited to only those users and groups that have sharing 
enabled at the system level. In the second case, all internal and external users will have My Files 
sharing enabled. 


In both cases, Net Folder sharing must be configured for each Net Folder individually. 


Figure 12-2 Setting Up System-Level Sharing Rights


12.1.2 My Files Sharing Is Automatic


After sharing is enabled at the system level for users individually or as members of groups, then if 
those users have personal storage enabled, they can share their files and folders within the limitations 
set for the system. 


Figure 12-3 My Files Share Settings


12.1.3 Net Folder Sharing Must Be Explicitly Allowed


After sharing is enabled at the system level for users individually or as members of groups, then
before they can share files in their assigned Net Folders, they must have sharing enabled on those Net
Folders. A Filr administrator can assign any or all sharing rights when setting up Net Folder access,
but the effective rights will not exceed those set at the system level, as illustrated in Figure 12-4. Note
that although Public sharing and re-sharing were enabled for user red, red’s effective sharing rights
do not include those privileges.


Figure 12-4 An Example of Net Folder Sharing


12.2 Understanding Roles and Sharing


Users can share both files and folders in their My Files area, but Net Folders restrict sharing to only 
files. 


When users send share invitations, they must designate the role that they want the user receiving the 
share to have for the file they are sharing. For more information about user roles, see Section 4.4, 
"Access Through Filr Involves One of Four Possible Roles," on page 33. 
The following are a few foundational concepts that Filr administrators should understand regarding 
user roles and sharing. 


* Section 12.2.1, “User Roles and Sharing” 
* Section 12.2.2, “Users Can't Grant Share Roles That They Don’t Have” 
* Section 12.2.3, “File System Rights Also Affect the Ability to Assign Share Roles” 


12.2.1 User Roles and Sharing 


When users receive invitations to share, they also receive one of three user roles: Viewer, Editor, or 
Contributor. For more information, see Section 4.4, “Access Through Filr Involves One of Four 
Possible Roles,” on page 33. 


Users who receive and accept share invitations can then access shared files through the proxy user 
assigned to the Net Folder where the file lives. 


If multiple users share the same item with a single user, the user receiving the share has the highest 
role that was shared. For example, if User B shares a file with User A and grants User A Viewer rights 
to the file, and then User C shares the same file with User A and grants Editor rights to the file, User 
A has Editor rights to the file. 


12.2.2 Users Can’t Grant Share Roles That They Don’t Have 


Users with Contributor rights on folders can grant Viewer, Editor, and Contributor rights to other 
users as Filr system share and Net Folder share settings allow. 


On the other hand, users with Viewer rights on folders can grant only Viewer rights to other users 
with whom they are allowed to share. 


12.2.3 File System Rights Also Affect the Ability to Assign Share Roles 


Sharing of files and directories involves an additional layer that provides access and manages what 
those who are granted rights to share files can actually do. 


For users to grant Viewer, Editor, or Contributor rights to another user, they must have the minimum 
rights that those roles require, as outlined in the following tables. 


Table 12-1 NSS File System Rights and Filr Roles 


Role: Viewer 
Minimum NSS Rights Required: Read (R), File Scan (F) 
Comments: These are the minimum file system trustee rights that users must have to view files and 
    folders. 


Role: Editor 
Minimum NSS Rights Required: Read (R), Write (W), File Scan (F) 
Comments: If the Write file system trustee right is added to Read and File Scan, users can then 
    modify file content. 


Role: Contributor 
Minimum NSS Rights Required: Read (R), Write (W), Erase (E), Create (C), Modify, File Scan (F) 
    or Supervisor 
Comments: To perform contributor functions, users must either have all file system trustee rights to 
    the file or folder (except for Access Control) or the Supervisor right to the file or folder. 

    The presence or absence of Access Control has no meaning in Filr because Filr cannot modify 
    file system trustee rights. A Filr user with the Access Control right on the file system cannot 
    grant file system access to another user through Filr. 

    It is true that Filr users with sufficient Filr permissions can share access to files and folders 
    with other users, but this is a Filr function that leverages the file system rights of Net Folder 
    proxy users. Access to shared files and folders is independent of any file system rights that 
    individual users have or do not have. 


Table 12-2 NTFS Permissions and Filr Roles 


Role: Viewer 
Minimum NTFS Permissions Required: Read, Read & Execute, List Folder Content 
Comments: These are the minimum basic permissions that users must have in order to view files and 
    folders. The default special permissions associated with these basic permissions are also 
    required. 


Role: Editor 
Minimum NTFS Permissions Required: Read, Read & Execute, List Folder Content, Write 
Comments: If the basic Write permission is added, users can then modify file content. The default 
    special permissions associated with these basic permissions are also required. 


Role: Contributor 
Minimum NTFS Permissions Required: Read, Read & Execute, List Folder Content, Write, Modify 
    or Full Control 
Comments: To perform contributor functions, users must either have the basic Modify permission 
    added or they must have the basic Full Control permission. The default special permissions 
    associated with these basic permissions are also required. 
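The sharing rules in this chapter can be combined into one check, shown here as an added Python sketch that is not part of the guide and is not Filr code. The sharing-right labels and the sample for user red are constructed, and two points are assumptions: that an Editor can grant roles up to Editor (inferred from the rule that users can't grant roles they don't have), and that the Supervisor right satisfies the lower roles as well as Contributor.

```python
# Added sketch of the sharing rules described above; not Filr's own code.
ROLES = ["Viewer", "Editor", "Contributor"]  # lowest to highest

# Table 12-1: minimum NSS trustee rights a sharer needs to grant each role.
NSS_MINIMUM = {
    "Viewer": {"Read", "File Scan"},
    "Editor": {"Read", "Write", "File Scan"},
    "Contributor": {"Read", "Write", "Erase", "Create", "Modify", "File Scan"},
}

# Constructed sample modeled on user "red": Public sharing and re-sharing are
# enabled on the Net Folder but not at the system level (labels are made up).
RED_SYSTEM = {"internal", "external"}
RED_NET_FOLDER = {"internal", "external", "public", "reshare"}


def effective_sharing_rights(system_level, net_folder):
    """Net Folder sharing rights never exceed those set at the system level."""
    return set(system_level) & set(net_folder)


def highest_role(roles_received):
    """When several users share one item, the recipient holds the highest role."""
    return max(roles_received, key=ROLES.index)


def grantable_roles(sharer_role, sharer_nss_rights):
    """Roles a sharer may grant: none above the sharer's own role (assumed to
    hold for Editor too), and only those whose Table 12-1 minimum is met."""
    rights = set(sharer_nss_rights)
    if "Supervisor" in rights:  # assumption: Supervisor covers every role
        rights |= NSS_MINIMUM["Contributor"]
    ceiling = ROLES.index(sharer_role)
    return [r for r in ROLES[: ceiling + 1] if NSS_MINIMUM[r] <= rights]


def check_grant(sharer_role, sharer_nss_rights, requested_role):
    """Return (allowed, reason) for a proposed share invitation."""
    if requested_role in grantable_roles(sharer_role, sharer_nss_rights):
        return True, "ok"
    if ROLES.index(requested_role) > ROLES.index(sharer_role):
        return False, f"sharer holds only the {sharer_role} role"
    missing = NSS_MINIMUM[requested_role] - set(sharer_nss_rights)
    return False, "missing file system rights: " + ", ".join(sorted(missing))


if __name__ == "__main__":
    print(sorted(effective_sharing_rights(RED_SYSTEM, RED_NET_FOLDER)))
    print(check_grant("Contributor", {"Read", "Write", "File Scan"}, "Contributor"))
```

An administrator reviewing share settings can use the reason string to tell a role ceiling apart from a file system rights gap.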
Filr Synchronization 


Figure 13-1 illustrates at a high level the information and content that get synchronized in Filr. The 
table that follows the figure describes some of the results and implications of the processes that take 
place. 


The figure does not illustrate functional details. For example, it does not attempt to show the flow of 
LDAP metadata and file/folder metadata to Filr services for storage and indexing. 


Figure 13-1 What Gets Synchronized 


Letter Details 


Desktop applications for Windows and Macintosh workstations must download local copies of files 
and folders before accessing them. 


Before the files and folders in Net Folders (including in Home folders) can be downloaded, their 
metadata must be synchronized with Filr. (See the metadata synchronization process indicated in 
letter D.) For this reason, many Filr administrators perform a manual synchronization when initially 
setting up a Net Folder so that when users access it from their desktops, they can download the files 
and folders as expected. 


Note that the arrow that shows files and folders being synchronized from file servers to desktops 
passes through the Net Folders icon. This is because Net Folder files and folders are not stored in 
Filr. Only their metadata is synced. The files and folders that are synchronized to the desktops come 
directly from the file servers. Net Folders only facilitate the transfer process. 


Files and folders in Filr-based personal storage are automatically synchronized to the workstation’s 
file system. Net Folders are also configured by default to allow data synchronization with desktop 
applications. 


After data is synchronized with the desktops, then as long as the desktops are connected with the 
network, changes to local copies are immediately synchronized with the file server. If the workstation 
is disconnected, then when the connection is restored, synchronization is automatic. 


However, Net Folder download functionality can be disabled. If this occurs, then desktop application 
users will not be able to view or access the files and sub-folders in their assigned Net Folders from 
their workstations. (Unlike Web and mobile access, desktop applications do not provide Net Folder 
browsing. Browsing within the desktop applications is limited to local downloaded copies of Net 
Folder files.) 


One reason that Filr administrators might disable the download functionality would be to prevent 
anyone from getting a local copy of sensitive files that must be stored only on the organization’s file 
servers. 


The MySQL database, the Lucene indexer, and Net Folders work together to provide access to data 
through Filr. MySQL houses the Filr database. The Lucene indexer indexes all of the LDAP and file 
storage metadata so that search functionality is available. It also indexes file content for searching in 
folders that have indexing enabled. Net Folders give users who have authenticated with 
proper credentials access to files and folders on the network through the file storage metadata that 
is associated with them. 


Regular LDAP synchronization is essential for giving users timely access to their files and folders. Some 
organizations find it sufficient to synchronize LDAP once a day. Others require more frequent 
synchronization to keep Filr abreast of changes in their identity stores. 


Because file and folder activity on network file servers can be in constant flux, and because 
synchronization needs vary greatly from server to server, Net Folder synchronization is multi-faceted 
and very flexible. 


You can set synchronization schedules for each Net Folder Server. The Net Folders associated with 
that server are then synchronized according to the general nature of the volume or share where they 
reside. 


You can also set synchronization schedules for individual Net Folders that will override the server 
schedules and synchronize the folders either more or less frequently than the server schedule 
dictates. 


You can perform manual synchronizations, which is a very useful feature when creating Net Folders 
to ensure that desktop application users can download local copies for access. 


You can enable Just-in-Time Synchronization (JITS) so that each time a folder is accessed from the 
Web or a mobile device, its content is synchronized with Filr. (The desktop applications do not trigger 
JITS.) 


Network Time and Filr 


Filr 1 appliances and the file servers that they point to should be in the same time zone and they 
should use the same reliable NTP time source. 


Browsers and access devices can be in different time zones than the appliances and servers that they 
access because all time-stamp-associated actions are handled using UTC. However, if the desktop is 
not synced to a reliable time source, there could be some confusion. For example, a time stamp on the 
server might appear to be “in the future” when compared with the time on the desktop. 


Viewing Files as HTML in Filr 


Many files that are accessible through Filr can be viewed as HTML through the same Oracle Outside 
In technology that is included with Novell Vibe and GroupWise. 


To learn more about this technology, see a PDF document available on Oracle’s Web site. 


Users and Groups with Filr 


For users to access Filr, they must generally be provisioned on the Filr system in one of the following 
ways: 

* They can be synchronized from an internal LDAP identity store. 
* They can be created by Filr administrators. 
* They can be invited to participate through share invitations. 
  When they respond to the invitations, they are given the opportunity to either 
  * Self-provision an account on the Filr server. 
  Or 
  * Access Filr using a Google or Yahoo OpenID account. 
  After they are provisioned, they can then be granted personal storage and other permissions 
  similar to those enjoyed by internal users. 


Users can be assigned rights on Filr as members of groups, including as members of either the All 
Internal Users group or the All External Users group, which includes those whose accounts 
were created as a result of an email share invitation. 


After users and groups are provisioned, they have accounts in Filr that correspond to their original 
identities, but in the case of LDAP, these are only secondary. Filr synchronizes regularly with LDAP 
to verify authentication credentials, the status of home directories, updates on file system rights, and 
so on. 


Finally, when Filr administrators allow it, "Guest" users are able to access publicly available files and 
folders through Filr. 


Figure 16-1 provides a high-level overview of the provisioning process that allows users and groups 
to access an organization's internal data through Filr. 


Figure 16-1 Provisioning Users and Groups 


Details 


eDirectory users are provisioned on Filr through LDAP/LDAPS synchronization. 
Synchronization is one-way. 


Password and other changes on the eDirectory side are handled in Filr without additional 
configuration. 


Password and other changes can be made to a user's Filr configuration. However, they are not 
synchronized back to eDirectory. Instead, they are overwritten by the configuration in eDirectory 
with each synchronization. 


Active Directory (AD) users are provisioned on Filr through LDAP/LDAPS synchronization. 
Synchronization is one-way. 


Password and other changes on the AD side are handled in Filr without additional configuration. 


Password and other changes can be made to a user's Filr configuration. However, they are not 
synchronized back to AD. Instead, they are overwritten by the configuration in AD with each 
synchronization. 


Filr administrators can also provision users on the Filr appliance. These are referred to as Local 
users in the documentation and Filr interfaces. 


External User accounts are created when share invitations are issued through email from Filr. 
The users provision themselves with a password, and so on, when they log in to Filr. 


Public users (Guests) aren't provisioned with accounts on Filr. Public users are anonymous to 
Filr and are allowed access to shared files in Net Folders through the Proxy User assigned to 
the Net Folder they are accessing. For shared files and folders in My Files, Public users gain 
access through the Filr admin process. 


Documentation Updates 


This section summarizes the changes made to the guide since the initial release of Novell Filr 1.0. 


November 2013 


Chapter or Section Changed: Section 4.5, "Rights to Files and Folders," on page 33 
Summary of Changes: Updated section to include information about how Filr roles map to NSS and 
    NTFS file system rights, as well as information about Home folders and file attributes. 


May 2013 


Chapter or Section Changed: Figure 3-3 on page 27 
Summary of Changes: Changed to more accurately reflect the process. 

Chapter or Section Changed: Various 
Summary of Changes: Minor editing changes. 